
Secure email for health information
Sebastian Morgan-Lynch
19 April 2016


Fast, accurate and complete information flows in the health sector are vital for all of us. If your doctor doesn’t have a particular test result, prescription or diagnosis, it might endanger your safety or even your life. Because of this, medical communication systems have tended to prioritise simplicity and speed over innovation and security. 

That might be why the humble fax (invented, amazingly, in 1843) is still a communication tool that clinicians use: it works, and it is simple and well understood. But faxes have some significant security issues. I’ve talked to people who have been receiving faxes meant for a nearby medical centre with a similar phone number for years. Unwatched fax machines can also lead to trays overflowing with paper covered in potentially sensitive information.

Postcard problem

Like faxes, letters and postcards, email has its risks. It is a simple, robust and well-understood technology and a very common means of professional communication. Used properly, email can be a timely, efficient and safe way of communicating clinical information. Used poorly, it can have more dangers than any postcard.

The first issue is called the ‘postcard’ problem. Every email passes through a number of servers on the way to its destination, and any of those servers can invisibly log and store the email as it passes through. This is why email is often compared to a postcard: there’s technically nothing stopping anyone with access to one of the servers along the route from reading the contents of an email in transit. Yet people use email because it feels more private than the technology warrants. We’d baulk at information about our physical or mental health being scribbled on the back of a picture of the Eiffel Tower, but we have few reservations about putting the same information in an email.

Emailing errors

Luckily, most people don’t need to worry about their communications being hoovered up by international spies. A more realistic problem is that email is just too easy. A doctor can copy and paste a spreadsheet, mistype an address (or misread the autocomplete) and hit send, and she or he has just accidentally sent their entire patient list to the New Zealand Herald.

In fact, out of the nearly 471 reported data breaches we have on our files, 100 involved some kind of email error.

Another common type of email breach happens when a person emails a list of recipients and inadvertently reveals their email addresses to everyone else. Carbon copying, or cc’ing, someone on an email lets them know what is going on and also makes every recipient aware of who else is looking at the email. Blind carbon copying, or bcc’ing, hides the other recipients. Take care in choosing whether to cc or to bcc a group of people.

Hidden conversations

There’s also the issue of ‘submarine conversations’. This is where you have a gossipy email conversation with someone and then get down to business, unintentionally forwarding the entire email chain and giving the recipients much more insight into your personal life than you had intended.
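The three pitfalls above (a mistyped address sending a patient list outside the practice, a group of recipients exposed to each other in To/Cc, and a forwarded chain carrying earlier gossip) can all be caught before the message leaves. The following pre-send check is an added example, not part of the original post or any product it mentions; the domain `clinic.example`, the recipient threshold and the sample message are constructed assumptions.

```python
# Pre-send privacy checks for outbound mail (added example; clinic.example and all sample data are assumptions).
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "clinic.example"   # assumption: the sender's organisation
MAX_VISIBLE_RECIPIENTS = 3           # assumption: tune to local policy
SPREADSHEET_TYPES = {"text/csv", "application/vnd.ms-excel",
    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"}

def _addresses(msg, headers):
    """Lower-cased addresses collected from the named headers."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return [addr.lower() for _, addr in getaddresses(values) if addr]

def check_message(raw):
    """Return findings for a raw RFC 5322 message; an empty list means clean."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    visible = _addresses(msg, ["To", "Cc"])
    external = sorted({a for a in visible + _addresses(msg, ["Bcc"])
                       if not a.endswith("@" + INTERNAL_DOMAIN)})
    # Recipient disclosure: everyone in To/Cc sees everyone else's address.
    if len(visible) > MAX_VISIBLE_RECIPIENTS:
        findings.append(f"{len(visible)} recipients visible in To/Cc; use Bcc for group mail")
    # Mis-addressing: a spreadsheet (think patient list) is leaving the organisation.
    sheets = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()
              if p.get_content_type() in SPREADSHEET_TYPES]
    if sheets and external:
        findings.append(f"spreadsheet {sheets} addressed to external {external}")
    # Submarine conversation: a forward dragging along earlier messages.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    earlier = text.count("wrote:") + text.count("Original Message")
    if earlier >= 2:
        findings.append(f"forwarding {earlier} earlier messages; trim the thread first")
    return findings

def sample_message():
    """Constructed message showing all three problems (not real data)."""
    m = EmailMessage()
    m["From"] = "dr.smith@clinic.example"
    m["To"] = "a.patient@patient.example, b.patient@patient.example"
    m["Cc"] = "c.patient@patient.example, reception@clinic.example"
    m["Subject"] = "FW: recall list"
    m.set_content("Please see attached.\n\nOn Mon, Alice wrote:\n> Guess who I saw "
                  "at the pub\n\nOn Sun, Bob wrote:\n> Here is the list you asked for\n")
    m.add_attachment(b"nhi,name\nAAA0000,Test Patient\n", maintype="text",
                     subtype="csv", filename="patients.csv")
    return m.as_string()
```

Running `check_message(sample_message())` produces one warning for each pitfall; a plain internal message with no attachment and a single recipient produces none.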

So plain text email isn’t ideal. Fortunately, there are literally dozens of good encrypted solutions available. Some, like Pretty Good Privacy (or its free equivalent, GNU Privacy Guard), suffer from a perception of complexity. More recent offerings, like the Patients First product hMael™, sensibly try to lower the bar to entry by making their products free, health-oriented and secure. The difficulty is that both the sender and the receiver need to be using the same kind of secure email. There’s no point in sending a message if no one knows how to read it.

Are portals the answer?

Another approach is the ‘portal’ method, where doctors view data directly rather than transmitting it. Portals are secure and effective, but a proliferation of them means doctors spend most of their days logging into and out of dozens of different systems.

The status quo, where clinicians make do with an insecure method of transmitting the data that they desperately need, is far from ideal. Until we get an agreed standard, it’s going to be hard to achieve the coverage we need and deserve, but it’s a step that’s waiting to be made. In the meantime, it is good to be aware of where the privacy pitfalls lie when it comes to email.

Image credit: Email @ via publicdomainpictures.net.
